FIG. 1 schematically shows a database with data, indicated by reference numeral 1. A host computer associated with the database 4 is indicated by reference numeral 3. A user computer is indicated by reference numeral 1. The user computer 1 and the host computer 3 are capable of communicating with each other over a network 2, which may include a wireless communication path and/or a wired communication path, and which may include the internet.
In a simple situation, the user computer 1 sends a request message to the host computer 3 (hereinafter also simply indicated as “host”), identifying the data required, and the host 3 receives the request message, processes the information identifying the required data, retrieves the required data from the database 4, and sends a response message to the user computer 1, this response message containing the required data.
Such a setup works adequately if the data concerned is accessible to anybody. However, there are many examples where data access is restricted to authorized persons only. One important example is patient information, where access is restricted with a view to privacy. Another example is a company, where workers are allowed to access their own files but are not allowed to access the work files of other workers, while only some workers are allowed to access the bookkeeping data. Another example is a bank account. Another example on a smaller scale is access to a laptop or USE stick or other type of easily portable data storage device. In such cases, the host 3 is provided with a memory 5 (see FIG. 2), containing information (for instance in the form of a table) defining a relationship between persons and the data they are allowed to access. In the request message, user identification information (for instance a name or a log-in code) is contained, identifying the user person using the user computer 1. The host checks this user identification information to identify the user, determines which data this user is authorized to access, and checks whether the requested data is part of the data accessible to this user.
Now a problem is that the host 3 has no idea whether or not the user using the user computer 1 actually is the person he claims to be. For this problem, some kind of authentication procedure is necessary, to assure the authenticity of the user identification information.
For authenticating the user identification authenticity, many possibilities exist. One simple possibility is entering a password, for instance using a keyboard or any other suitable type of input device. The password should be known to the bonafide user only. The host only receives the password information, but does not know whether the password has been inputted by the bonafide user or by a malafide user, hereinafter also indicated as “imposter”. Thus, the mere fact that the host 3 receives the correct password is not a true guarantee that the person operating the user PC 1 is actually the authorized person: it is possible that the authorized person has given (voluntarily or not) the password details to someone else, it is possible that an imposter has guessed correctly, and it is even possible that an imposter has stolen the password details, for instance by watching the authorized person, or by finding a notebook in which the authorized person hase noted his password, to name a few examples.
Another possibility for authenticating the user identity it to use a unique machine-recognizable object, for instance a magnet card with a magnetic strip, in which case the user PC 1 will be equipped with a card reader device 6 (see FIG. 3). Cards with magnetic strips (or alternatively a chip) containing information, as well as suitable readers, are known per se. For another type of information-carrying object, a corresponding type of reader is required, as will be clear to a person skilled in the art. This approach involves already increased safety, but nevertheless it is possible that the original card has been stolen or copied.
Yet another possibility for authenticating the user identity is to use the recognition of body features that are unique to the actual body of the authorized person. For instance, fingerprint scanners and iris scanners are commonly known and commercially available. However, whereas a card reader may read information from a card and send this information to the host 3, detection of body features typically involves a recognition process in the scanner, which in a learning mode has scanned and stored the body feature concerned, and which in normal operation compares the momentarily scanned information with the stored information, and basically generates YES/NO information to be sent to the host. This will make it difficult to implement such authentication procedure in case where a user is mobile and wishes to use different PCs in different locations.
Summarizing, in general, there may be multiple types of authentication methods available, requiring different types of information and requiring different types of readers, while it may be that the user has not always all information carriers with him (he may simply have forgotten to take along his magnet card) and it is also possible that not all access locations (PCs 1) are equipped with all possible types of readers. Further, it may be that some type of information requires a higher level of protection than some other type of information (patient information could for instance require a much higher level of protection against unathorized access than a draft article for the personnel magazine).
A further complication may be that certain information carriers are or become less reliable than others. For instance, in a system based on the use of magnetic cards or chip cards, it is conceivable that such cards originate from different providers. A government may for instance provide identity cards (passports, drivers licence) of very high quality, handed out to the intended user in person only when he identifies himself. A company may for instance use cheaper cards of lower quality. Or the issuing process may be less safe because cards are sent by mail or are left in a collection for the intended user to pick from. It is further conceivable that the encryption of cards which are safe today is compromised tomorrow so that the cards can easily be copied and are therefore less safe.